Addressing a Vulnerability in the Defender Security WordPress Plugin: CVE-2023-5089

WordPress security plugins are meant to add protection, so a flaw in one of them removes a control that site owners are relying on. This post covers CVE-2023-5089 in the Defender Security WordPress plugin: what the flaw is, how to check a site for it, and how to fix it.

What is the Issue?

Defender Security versions before 4.1.0 do not prevent redirects to the login page that are issued through the WordPress core function auth_redirect(). That function sends any visitor without a valid authentication cookie to wp-login.php, and the plugin's hidden login page feature (Mask Login Area) did not intercept that redirect. An unauthenticated visitor could therefore reach the real login page even with the feature enabled, which defeats its purpose of keeping the login page's location unknown to unauthorized users (CVE-2023-5089).

How to Discover the Vulnerability

The reported way to trigger the flaw is to request a URL that makes WordPress call auth_redirect() on a site running an affected version. Visiting https://example.com/?gf_page=randomstring redirects to, and so reveals, the normal wp-login.php page, bypassing the hidden login page feature. A practical check is to request that URL without following redirects and inspect the response: a Location header pointing at wp-login.php, or a page containing the login form, means the masking is bypassed. Confirm first that a direct request to /wp-login.php is blocked or redirected elsewhere; if it is not, the masking is simply not enabled and the probe says nothing about this CVE.
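As an added check for the probe described above (example code written for this post, not code from the original post or from the Defender plugin), the script below requests /?gf_page=<random> without following redirects and reports whether the response points at, or directly contains, wp-login.php. The names login_page_exposed and probe_site are this example's own, and the form markers assume an unmodified wp-login.php page; the decision logic is separated from the network call so it can be exercised on constructed responses.

```python
"""Check whether a masked WordPress login page is still reachable through
an auth_redirect()-style redirect, using the ?gf_page=<random> probe.

Added example, not code from the original post or the Defender plugin.
login_page_exposed is pure so it can be tested on constructed responses;
probe_site performs the live request with urllib.
"""
import secrets
import sys
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass

# Strings present in the stock wp-login.php form, used when the server
# answers 200 instead of redirecting (assumption: the form is unmodified).
LOGIN_FORM_MARKERS = (b'id="loginform"', b'id="user_login"')
REDIRECT_CODES = (301, 302, 303, 307, 308)


@dataclass
class Probe:
    status: int
    headers: dict   # header names lower-cased
    body: bytes


def login_page_exposed(probe: Probe) -> tuple[bool, str]:
    """Return (exposed, reason). With login masking working, an
    unauthenticated client must never be redirected to, or served,
    wp-login.php."""
    location = probe.headers.get("location", "")
    target_path = urllib.parse.urlparse(location).path
    if probe.status in REDIRECT_CODES and target_path.endswith("/wp-login.php"):
        return True, f"redirected to {location}"
    if probe.status == 200 and any(m in probe.body for m in LOGIN_FORM_MARKERS):
        return True, "login form served directly"
    return False, f"login page not reached (HTTP {probe.status})"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the Location header is visible."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe_site(base_url: str, timeout: float = 10.0) -> Probe:
    """GET {base_url}/?gf_page=<random> without following redirects."""
    url = f"{base_url.rstrip('/')}/?gf_page={secrets.token_hex(8)}"
    req = urllib.request.Request(url, headers={"User-Agent": "hidden-login-check"})
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Probe(resp.status,
                         {k.lower(): v for k, v in resp.headers.items()},
                         resp.read())
    except urllib.error.HTTPError as err:
        # urllib raises HTTPError for 3xx (redirect suppressed) and 4xx/5xx;
        # the status, headers and body are still available on the error.
        body = err.read() if err.fp is not None else b""
        return Probe(err.code,
                     {k.lower(): v for k, v in (err.headers or {}).items()},
                     body)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: hidden_login_check.py https://example.com")
    exposed, reason = login_page_exposed(probe_site(sys.argv[1]))
    print(("EXPOSED: " if exposed else "ok: ") + reason)
    sys.exit(1 if exposed else 0)
```

Run it against a site you are authorized to test; exit status 1 means the masked login page was reached. Run the same logic against /wp-login.php directly first: if that already returns the form, masking is not active and the gf_page probe proves nothing.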

Why is This a Problem?

Hiding the login page is an obscurity control: it keeps automated scanners and password-guessing tools from finding wp-login.php. Once that page is reachable again, attackers can run brute-force and credential-stuffing attempts against administrator and other accounts exactly as on an unprotected site. The flaw does not grant access by itself, but it removes the layer the site owner turned the feature on for, and it does so without any authentication or user interaction.
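The brute-force risk is easiest to see in the web server access log. The following added example (written for this post, not code from the original post or from the Defender plugin) runs a small detector over constructed combined-format log lines: it flags a source address that POSTs to the real /wp-login.php repeatedly within a short window and records whether that address first sent a ?gf_page= probe that was redirected. The log lines, the documentation-range IPs, and the five-POST, five-minute thresholds are all assumptions to tune.

```python
"""Detect brute-force attempts against /wp-login.php that follow a
hidden-login bypass probe (?gf_page=...), from web server access logs.

Added example, not from the original post or the Defender plugin. The
log lines below are constructed; thresholds are assumptions to tune.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in combined log format (IPs from documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2023:10:01:02 +0000] "GET /?gf_page=zq8a1 HTTP/1.1" 302 0 "-" "curl/8.1"
203.0.113.7 - - [12/Oct/2023:10:01:03 +0000] "GET /wp-login.php?redirect_to=https%3A%2F%2Fexample.com%2F%3Fgf_page%3Dzq8a1 HTTP/1.1" 200 4120 "-" "curl/8.1"
203.0.113.7 - - [12/Oct/2023:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4201 "-" "curl/8.1"
203.0.113.7 - - [12/Oct/2023:10:01:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4201 "-" "curl/8.1"
203.0.113.7 - - [12/Oct/2023:10:01:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4201 "-" "curl/8.1"
203.0.113.7 - - [12/Oct/2023:10:01:08 +0000] "POST /wp-login.php HTTP/1.1" 200 4201 "-" "curl/8.1"
203.0.113.7 - - [12/Oct/2023:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4201 "-" "curl/8.1"
198.51.100.4 - - [12/Oct/2023:10:02:00 +0000] "GET /about/ HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Oct/2023:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


@dataclass
class Entry:
    ip: str
    ts: datetime
    method: str
    path: str
    status: int


def parse(lines):
    """Yield Entry objects; lines that are not combined-format requests are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        yield Entry(m["ip"],
                    datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
                    m["method"], m["path"], int(m["status"]))


def detect_bruteforce(lines, window=timedelta(minutes=5), threshold=5):
    """Return one alert per source IP that POSTs to /wp-login.php at least
    `threshold` times inside `window`. A preceding ?gf_page= request that
    was answered with a redirect marks the bypass described for CVE-2023-5089."""
    probed = set()
    posts = defaultdict(list)
    for e in parse(lines):
        if "gf_page=" in e.path and 300 <= e.status < 400:
            probed.add(e.ip)
        if e.method == "POST" and e.path.split("?", 1)[0] == "/wp-login.php":
            posts[e.ip].append(e.ts)

    alerts = []
    for ip, stamps in posts.items():
        stamps.sort()
        for start in stamps:  # sliding window anchored at each POST
            count = sum(1 for s in stamps if start <= s <= start + window)
            if count >= threshold:
                alerts.append({"ip": ip, "posts": count, "first_post": start,
                               "via_bypass": ip in probed})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

On a site with login masking enabled, any POST to the real /wp-login.php is worth a look even below the threshold, because legitimate users sign in at the masked slug; the threshold only separates a single stray request from a sustained guessing run.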

How to Fix It

The vulnerability is fixed in version 4.1.0 of the Defender Security plugin, so update to 4.1.0 or later and confirm the installed version afterwards on the Plugins screen. Until the update is applied, treat the login page as exposed and rely on the controls that do not depend on obscurity: strong administrator passwords, two-factor authentication, and login rate limiting or lockout. Keeping plugins current is what delivers such fixes; a security plugin that is itself out of date is a liability rather than a protection.

Impact

Prerequisites: none beyond network access to the site; no account, credentials, or user interaction are required. Direct effect: the hidden login page feature is defeated and the real wp-login.php is reachable by anyone who triggers an auth_redirect() redirect. Consequence: the site is exposed to brute-force and credential-stuffing attempts against administrator and other accounts as if the feature were not enabled. The flaw does not compromise accounts on its own; its impact is the loss of the obscurity control and the easier targeting that follows.

Conclusion

Vulnerabilities in security plugins like the Defender Security WordPress plugin can pose significant risks to website security. It is crucial to keep plugins updated to the latest versions to ensure all known vulnerabilities are patched. By understanding and addressing such vulnerabilities, website owners can protect their sites from potential attacks and maintain robust security measures.

Regularly updating security plugins and performing security assessments are essential practices to safeguard websites against evolving threats.
